<?php
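/**
 * Account operations (login, registration, lookup, counters) built on the
 * project's DB wrapper.
 *
 * Security notes for maintainers:
 *  - Only DB::updateDB() is shown taking bound parameters. The read helpers
 *    (fetchRow / fetchAll / count) are called with a bare SQL string, so every
 *    value or identifier that is concatenated into a read query is validated
 *    first and the call fails closed when validation fails.
 *    NOTE(review): this is a stop-gap; if the DB read helpers can take bound
 *    parameters, switch these queries to placeholders and drop the checks.
 *  - Passwords are stored as unsalted SHA-1, which is not a password hash.
 *    NOTE(review): migrate to password_hash()/password_verify(); this needs a
 *    wider password column and a rehash-on-login path, so it is not done here.
 */
class User{
	/**
	 * Tell whether $name can be used as a bare SQL identifier (table or column).
	 *
	 * Only ASCII letters, digits and underscore are accepted, and the first
	 * character may not be a digit.
	 *
	 * @param mixed $name
	 * @return bool
	 */
	private static function isSafeIdentifier($name){
		return is_string($name) && preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $name) === 1;
	}

	/**
	 * Tell whether $value can be placed between single quotes in a SQL string
	 * without ending or escaping the literal.
	 *
	 * Rejects anything that is not a string or integer, and any value that
	 * contains a single quote, a backslash or a NUL byte.
	 *
	 * @param mixed $value
	 * @return bool
	 */
	private static function isSafeLiteral($value){
		if(!is_string($value) && !is_int($value)){
			return false;
		}
		return strpbrk((string)$value, "'\\\0") === false;
	}

	/**
	 * Check a username/password pair and, on success, store the user's id and
	 * type in the session.
	 *
	 * @param string $username
	 * @param string $password Plain-text password; hashed with SHA-1 before lookup.
	 * @return mixed The row returned by DB::fetchRow(), or false when the input
	 *               is rejected before any query is built.
	 */
	public function Login($username,$password){
		// Fail closed before any SQL is built: the username is concatenated
		// into the query text below.
		if(!is_string($password) || !self::isSafeLiteral($username)){
			return false;
		}
		// sha1() output is hex only, so the hashed password is safe to embed.
		$password = sha1($password);
		$sql = "select * from user where username = '$username' and password = '$password'";
		$DB = new DB();
		$row=$DB->fetchRow($sql);
		if($row){
			// Issue a fresh session id on privilege change so an id that was
			// fixed before login is not carried into the authenticated session.
			if(session_status() === PHP_SESSION_ACTIVE && !headers_sent()){
				session_regenerate_id(true);
			}
			$_SESSION['userid'] = $row['id'];
			$_SESSION['type'] = $row['type'];
		}
		return $row;
	}

	/**
	 * Register a new non-admin user and log them in.
	 *
	 * @param string $username
	 * @param string $password Plain-text password; stored as SHA-1.
	 * @param string $realname Accepted but not stored by this method.
	 * @param string $contact
	 * @return mixed An error message string, or the result of DB::updateDB().
	 */
	public function add($username,$password,$realname,$contact)
	{
		// The duplicate check below cannot run on a username that getUser()
		// would reject, so refuse it here rather than skip the check.
		if(!self::isSafeLiteral($username)){
			return "Invalid username";
		}
		$DB = new DB();
		$password = sha1($password);
		$id = randomString();
		if($this->getUser("username",$username))
		{
			return "Username or Email already been used";
		}

		$sql = "INSERT INTO `user` VALUES (:id,:username,:password,:email,:contact,:isadmin)";

		// NOTE(review): the original bound an undefined $email here, which
		// evaluates to null. $realname is never written anywhere. Confirm which
		// column each one belongs to; null is kept so stored data is unchanged.
		$field = array(':id' => $id,
					   ':username' => $username,
					   ':password' => $password,
					   ':email' => null,
					   ':contact' => $contact,
					   ':isadmin' => 0);

		// Write the row first; only mark the session as logged in when the
		// insert did not report failure (and did not throw).
		$result = $DB->updateDB($sql,$field);
		if($result !== false){
			$_SESSION['username'] = $username;
			$_SESSION['userid'] = $id;
		}
		return $result;
	}

	/**
	 * Unfinished: starts building an UPDATE statement but never completes or
	 * executes it, and returns nothing.
	 *
	 * NOTE(review): when this is implemented, bind the values through
	 * DB::updateDB() as add() does, and scope the update to the session user.
	 *
	 * @param string $password
	 * @param string $realname
	 * @param string $contact
	 * @return void
	 */
	public function edit($password="",$realname="",$contact=""){
		$DB = new DB();
		$field = array();
		$sql = "update `user` set (";

		if($password){
			$sql.=" ";
			$password = sha1($password);
		}
	}

	/**
	 * Fetch the user rows whose column $field equals $value.
	 *
	 * @param string $field Column name; must be a plain identifier.
	 * @param string $value Value to match.
	 * @return mixed Result of DB::fetchAll(), or an empty array when either
	 *               argument is rejected before a query is built.
	 */
	public function getUser($field,$value){
		// $field is used unquoted and $value inside single quotes, so both are
		// validated before they reach the SQL text.
		if(!self::isSafeIdentifier($field) || !self::isSafeLiteral($value)){
			return array();
		}
		$DB = new DB();
		$sql = "select * from user where $field ='$value'";
		return $DB->fetchAll($sql);
	}

	/**
	 * Count the rows of table $title, optionally only those whose `type`
	 * column equals $status.
	 *
	 * @param string $title  Table name; must be a plain identifier.
	 * @param string $status Optional type filter; ignored when falsy.
	 * @return mixed Result of DB::count(), or 0 when an argument is rejected
	 *               before a query is built.
	 */
	public function getStat($title,$status=''){
		// Backticks do not make an arbitrary string a safe identifier; only a
		// plain name is allowed through.
		if(!self::isSafeIdentifier($title)){
			return 0;
		}
		$sql = "select count(*) as total from `$title`";
		if($status){
			if(!self::isSafeLiteral($status)){
				return 0;
			}
			$sql.=" where type='$status'";
		}
		$DB = new DB();
		return $DB->count($sql);
	}
}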
?>